Community news and analysis: January 2015

Posted on February 6, 2015 - 13:44 by ccondon

General security news

Google looks back on how its security rewards programs did in 2014 and details a new vulnerability research grant it will offer in 2015. (Google Online Security Blog Jan. 31)

Mozilla on referers [sic]: “This HTTP header has become quite problematic and not very useful...What’s needed is a better way for referring sites to reduce the amount of data transmitted and thus providing a more uniform referrer that’s less privacy invasive.” Firefox 36 Beta supports a “meta referrer” feature that gives sites tighter control over their referrers. (Mozilla Security Jan. 21)

Mozilla is also progressing in its project to phase out certificates with 1024-bit RSA keys. See the post for a list of affected root certificates. (Mozilla Security Jan. 28)

A WordPress security Q&A with VaultPress Vaultkeeper and lead developer Mark George (Automattic Jan. 30)


Qualys, SiteLock, and Sophos on what you need to know about the much-mentioned GHOST vulnerability in the Linux glibc library. Patches were available as of Jan. 27, 2015.

Qualys (Jan. 21 and Feb. 2) and Sophos (Jan. 23 and Jan. 24) have also offered excellent coverage of multiple recent Adobe zero-day vulnerabilities.

Webmaster warnings from Sucuri: Security vulnerabilities in Pagelines and Platform themes for WordPress (Jan. 21), remote code execution vulnerability in vBSEO (Jan. 13), and a fake “mobile-shortcuts” WordPress plugin that injects SEO spam into websites. (Jan. 30)


CTB-Locker: New campaigns spread malware that demands Bitcoin ransoms from victims; Poland, the Czech Republic, and Mexico have the highest infection rates. (ESET Jan. 21)

Apparently, it’s such an ordeal for Belarusians wanting Polish visas to get an appointment at the Consulate of Poland that someone created a botnet with the express purpose of filling out forms to secure an appointment slot. Yes, really. (ESET Jan. 29)

5 ways to protect your website from malware (SiteLock Jan. 20)

Fortinet malware analysis: Cracked version of an old Andromeda botnet malware variant spreads Bitcoin miner (Jan. 7), analysis of recent VBA macros (Jan. 6)

After a multinational takedown operation in December 2013, the ZeroAccess click fraud botnet has reappeared. At the end of January 2015, around 50K computers were compromised by the resurgent botnet, although researchers noted it doesn’t appear to be growing. (Sophos Jan. 31)

A mid-January malvertising campaign abused AdSense to redirect users to fake health websites. (Sucuri Jan. 14)


MarkMonitor, Fortinet, and Sucuri are new StopBadware Partners

Posted on January 31, 2013 - 14:27 by ccondon

Therefore and thusly we doth decree: StopBadware’s first new partnerships of 2013 have been formed! Today we welcome a trio of security samurais, a triplicate of vulnerability vanquishers, a boisterous band of badware bashers: MarkMonitor, Fortinet, and Sucuri. All three of these companies will contribute their perspectives on security, recent attacks, and the evolving threatscape to StopBadware’s Partners Forum discussions. And more: Fortinet has signed on to participate in our new data sharing initiative, MarkMonitor was instrumental in helping to get the Ads Integrity Alliance’s Web presence up and running, and Sucuri’s crew of website experts has been helping webmasters on our community forum for several years. A big, formal welcome to these three great companies!

Our partner companies have always spanned an impressive breadth and depth of security interests and expertise. Incorporating all these diverse perspectives into an ongoing, actionable conversation is a constant challenge, but it’s a challenge we’ve come to welcome, and from which we consistently benefit. MarkMonitor, Fortinet, and Sucuri are a perfect example of our supporters’ outstanding diversity: these three new StopBadware Partners represent leadership in online brand protection, network security and unified threat management, and website malware protection and cleanup. As broad as their interests are, they join a distinguished crew in working toward a singular, grand goal: finding new ways to make the Web safer for everyone.

StopBadware, now with 280% more Partners

It all started with a simple question: how can we get leading technology companies to support StopBadware’s work? It was a bit over a year ago, and we were struggling to expand our network from a core group of early supporters—Google, PayPal, Mozilla, Verizon, and SoftLayer—to the large, diverse constituency we knew was necessary to step up the fight against badware. Nearly everyone we talked to, whether in marketing, security, or the executive suite, said they liked what we were doing, but they weren’t prepared to become sponsors. So, we started to ask them why.

The key, as it turns out, was engagement. Companies weren’t looking to just write a check and get recognition; they could do that at conferences and events. Instead, they were looking to be part of the solution. They asked to participate in discussions. They offered use of their tools and access to data. They told us they wanted to learn from and network with each other and to be part of a collective industry response to badware on the Web.

So, a year ago, armed with this input, we launched our new Partner program. A central feature was the Partners Forum, a regular conference call and accompanying email list with representatives from all the participating companies. We also created a tiered cost structure, including an entry-level tier for companies that were ready to engage but were not yet able to put up the amount of cash offered by our earlier supporters. And, with each prospective Partner, we talked about ways that we could work together to build a safer Web.

A year later, we’re up to nineteen Partners from over a dozen different industries. And we’re not done yet. Each day, we learn more from our current and prospective Partners about their needs and those of the users we’re trying to protect. Our Partners’ interest prompted us to develop a data sharing program, which we hope to launch in the next several months. Meanwhile, we continually refine our Partners Forum calls based on feedback and participation.

With the help of our new Partners, the StopBadware community continues to build momentum in the fight against badware. If you are interested in learning more about our Partner program—or sharing your ideas on how to make it stronger—please email us at